I need to get a new monitor for work (seeing as some scumbags stole the last one).
A long time ago (when I had better eyesight) I managed to get a rather nice IBM monitor that was 3840x2400 and was awesome. The real issue back then was the way linux handled high resolution screens. Getting any of the icons or window decoration to a size you could hit with a mouse was hard work - getting a mouse setting that was still usable was also hard. I have to say apple have done a good job handling high resolution though (retina displays and the like) - with some things scaled, some things done as full resolution (text) and settings that seem to work well. That monitor is used to display lots of nice graphs in our tech support team these days.
Anyway, what I have been used to for some time, and have at home, is a 30" apple cinema monitor that was 2560 x 1600. This was a good compromise of pixels I could see, but a nice big screen. It was very nice. I was really happy with that.
Of course, now that 4k TV has come along, we see new monitors. So I am looking at a 4k monitor. For those that do not know, the "4k" bit means the horizontal resolution. Even so, it is actually 3840 x 2160, so exactly twice each way compared to full HD screens (which makes a lot of sense for backwards compatibility). Given that hard drive manufacturers ran in to issues calling a gigabyte a gigabyte when people incorrectly assumed a gibibyte, I am shocked that monitor manufacturers are not expected to provide 4000 pixels or even 4096 pixels for something called "4k". I'll wait for people in the US to start suing manufacturers.
Anyway, this means that there are some impressive panels to get as a monitor. But given how the 30" was only 2560 x 1600, I may be better getting something a tad bigger than 30" if it is 3840 x 2160. Of course, a 60" on my desk is impractical and I don't want a neck ache from having to keep moving my head to see different parts of the screen.
Whilst I have yet to decide on a suitable panel, I was somewhat bemused to see "4k" TVs that are not 4k. For example Sharp Aquos LC60UQ10 LED 1080p Full HD 3D 4K Compatible Smart TV, i.e. it is "4K Compatible". Now, a TV compatible with 4 Kelvin (very cold) is impressive, but I am sure they mean "4k compatible". The resolution is described as 1920 x 1080 (native); 3840 x 2160 (effective). So this is a normal full HD panel. How can that ever be "effective" as 4k?
At some point I'm sure I'll get a new TV for the house as well, and that is where LGs trick of alternative lines being polarised to do passive glasses 3D will be excellent as it will allow full HD 3D with no compromise on vertical resolution. But that is a project for another day - for now it is a new monitor for my office machine.
Any recommendations for a panel would be good.
2014-04-26
2014-04-25
Record breaking base jump?
So, the news story was about these two base jumpers leaping from the world's highest building, as a record breaking base jump.
Impressive! The story names them both, and shows the start of the two jumps...
But surely there is a third person, starting off higher than these two, and following them down - the cameraman. He/she was not named at all.
Why is the story not of three people doing this jump?
Or did I miss something really obvious here.
Impressive! The story names them both, and shows the start of the two jumps...
But surely there is a third person, starting off higher than these two, and following them down - the cameraman. He/she was not named at all.
Why is the story not of three people doing this jump?
Or did I miss something really obvious here.
2014-04-24
"we use the fibre optic cable to install the services at the customers property"
So, reply from Virgin says :-
"Just to inform you we provide copper coax cable till the main box and from there we use the fibre optic cable to install the services at the customers property."
Is it me or are they saying that they use the fibre optic cable to install the services at the customers property ?
That seems to be what they are saying, but I can be 100% sure that they did not in fact use fibre optic cable to install the services at my property.
I think this deserves another letter with more pictures :-)
"Just to inform you we provide copper coax cable till the main box and from there we use the fibre optic cable to install the services at the customers property."
Is it me or are they saying that they use the fibre optic cable to install the services at the customers property ?
That seems to be what they are saying, but I can be 100% sure that they did not in fact use fibre optic cable to install the services at my property.
I think this deserves another letter with more pictures :-)
2014-04-23
SFI2 is an optional extra service
This is not a comment I have heard in a long time, but was quoted to me today.
When BT introduced SFI (Special Faults Investigation) it was a cunning way to charge people for fault repair. The underlying issue being the grey area of how well a modem works on a copper pair which had lead to lots of wasted engineer time and BT wanted to recover that. Rather than fix the underlying issue of the product they sold having a grey area (something fixed by BT supplied modems on FTTC), they decided to charge for engineering investigations and launched SFI. Like many, we think SFI pushed the cost too far away from BT and there has been an ongoing battle between ISPs and BTs for many years now. In practice BT charge if they fail to find a fault in BT's network even though the service was always sold as charging if proved to be a fault in the end user's or customer's control.
There have been many stances taken by each side in this ongoing arms rate. For your amusement, at one point in this arms race BT claimed the SFI charge was for inspecting customer equipment and that a visual inspection was done by the engineer - that led to us instructing customers to remove and hide all of their equipment thereby thwarting BTs argument. The arms race moved on.
Even so, the "SFI2 is an optional extra service" is one I have not heard for some time. The standard argument and counter argument for this are as below
BT: We will, of course, fix faults, but when we can't find a fault using our remote testing you have the option of ordering an extra service to investigate if there really is a fault. If it turns out it was a BT fault after all, we don't charge you for this extra investigation, but otherwise we do if it was customer equipment causing the problem after all.
ISP: We can demonstrate that there is clearly a fault in the service, even though your tests don't see it. We have done lots of investigation already and already replaced all end user equipment. Here, look at out findings - you can see a fault, now fix it, please.
BT: We won't do anything unless you book an SFI2 engineer (for which we might charge you)
ISP: But SFI2 is optional - we don't have to order it. So we take the option not to. Now, are you refusing to fix this fault?
The conversation degenerates in to repeats of "no, not refusing to fix, but you have to order SFI2" and "if you are not refusing to fix it, then just fix it, no we are not ordering SFI2 as it is optional" and eventually "fix it! fix it! fix it!" (literally, in one case).
It is hard work, but the final result is usually BT booking an engineer which we, obviously, refuse to pay for because we did not order the extra optional service.
It was not a very good time, so it rather odd that BT have now moved back to this stance with their latest statement in an email (as reported to us by our account manager - who is a good guy).
This all came up because BT have come up with a new policy with regard to SFI disputes. Basically, if we have reported a fault, and they have sent multiple SFI2 engineers, and eventually they actually find a fault and fix it within BT's network, they don't charge for that final SFI2 engineer. The policy used to be that they would also not charge for all of the wasted previous SFI2 engineers, but the change of policy is that they now will charge for all previous engineer visits where no fault was found.
Now, this is, obviously, totally wrong. If there is a fault, as the final engineer confirmed existed, and it is within BT's network, then obviously it is up to BT, at BT's cost, to fix that fault. A working service is what we pay for in the first place.
If previous engineers failed to find the fault, then that is BT wasting our time (and our customer's), so if there is anything to pay it should be BT paying us compensation for that wasted time (so we can compensate our customer, who may have had to take time of work, etc).
There is no way on earth we would pay BT engineers for failing to find and fix a BT fault.
We have said this one will go to arbitration, or even court, if they do not fix this broken policy.
Let's see how it goes, but I warn other ISPs to check this new policy out. It is supposedly briefed via account managers, but we have not seen any such briefing.
P.S. BT have asked for some discussions that don't go on my blog. This is no problem, and I am pleased that my blog is taken seriously. I am happy to work with BT to resolve issues by whatever means we can. An off the record meeting is always possible and sometimes useful. We normally try to work with BT before blogging stuff anyway, and I have previously blogged about cases where we have worked with BT successfully. But there are, of course, cases where other ISPs need to know what is going on and present a united front to BT - so there will be cases, like this blog, where I feel it is important to spread the word, within the bounds of confidentiality agreements, obviously.
When BT introduced SFI (Special Faults Investigation) it was a cunning way to charge people for fault repair. The underlying issue being the grey area of how well a modem works on a copper pair which had lead to lots of wasted engineer time and BT wanted to recover that. Rather than fix the underlying issue of the product they sold having a grey area (something fixed by BT supplied modems on FTTC), they decided to charge for engineering investigations and launched SFI. Like many, we think SFI pushed the cost too far away from BT and there has been an ongoing battle between ISPs and BTs for many years now. In practice BT charge if they fail to find a fault in BT's network even though the service was always sold as charging if proved to be a fault in the end user's or customer's control.
There have been many stances taken by each side in this ongoing arms rate. For your amusement, at one point in this arms race BT claimed the SFI charge was for inspecting customer equipment and that a visual inspection was done by the engineer - that led to us instructing customers to remove and hide all of their equipment thereby thwarting BTs argument. The arms race moved on.
Even so, the "SFI2 is an optional extra service" is one I have not heard for some time. The standard argument and counter argument for this are as below
BT: We will, of course, fix faults, but when we can't find a fault using our remote testing you have the option of ordering an extra service to investigate if there really is a fault. If it turns out it was a BT fault after all, we don't charge you for this extra investigation, but otherwise we do if it was customer equipment causing the problem after all.
ISP: We can demonstrate that there is clearly a fault in the service, even though your tests don't see it. We have done lots of investigation already and already replaced all end user equipment. Here, look at out findings - you can see a fault, now fix it, please.
BT: We won't do anything unless you book an SFI2 engineer (for which we might charge you)
ISP: But SFI2 is optional - we don't have to order it. So we take the option not to. Now, are you refusing to fix this fault?
The conversation degenerates in to repeats of "no, not refusing to fix, but you have to order SFI2" and "if you are not refusing to fix it, then just fix it, no we are not ordering SFI2 as it is optional" and eventually "fix it! fix it! fix it!" (literally, in one case).
It is hard work, but the final result is usually BT booking an engineer which we, obviously, refuse to pay for because we did not order the extra optional service.
It was not a very good time, so it rather odd that BT have now moved back to this stance with their latest statement in an email (as reported to us by our account manager - who is a good guy).
This all came up because BT have come up with a new policy with regard to SFI disputes. Basically, if we have reported a fault, and they have sent multiple SFI2 engineers, and eventually they actually find a fault and fix it within BT's network, they don't charge for that final SFI2 engineer. The policy used to be that they would also not charge for all of the wasted previous SFI2 engineers, but the change of policy is that they now will charge for all previous engineer visits where no fault was found.
Now, this is, obviously, totally wrong. If there is a fault, as the final engineer confirmed existed, and it is within BT's network, then obviously it is up to BT, at BT's cost, to fix that fault. A working service is what we pay for in the first place.
If previous engineers failed to find the fault, then that is BT wasting our time (and our customer's), so if there is anything to pay it should be BT paying us compensation for that wasted time (so we can compensate our customer, who may have had to take time of work, etc).
There is no way on earth we would pay BT engineers for failing to find and fix a BT fault.
We have said this one will go to arbitration, or even court, if they do not fix this broken policy.
Let's see how it goes, but I warn other ISPs to check this new policy out. It is supposedly briefed via account managers, but we have not seen any such briefing.
P.S. BT have asked for some discussions that don't go on my blog. This is no problem, and I am pleased that my blog is taken seriously. I am happy to work with BT to resolve issues by whatever means we can. An off the record meeting is always possible and sometimes useful. We normally try to work with BT before blogging stuff anyway, and I have previously blogged about cases where we have worked with BT successfully. But there are, of course, cases where other ISPs need to know what is going on and present a united front to BT - so there will be cases, like this blog, where I feel it is important to spread the word, within the bounds of confidentiality agreements, obviously.
2014-04-20
Red faces
High Definition TV is all digital. So if you have HD footage from a TV series, actually made in HD in the first place, you should be able to see it perfectly on your TV exactly as the producer wanted it to be seen.
There really is no reason to change it. Indeed, changing it in any way is more work for the TV channel, etc. It is bad enough they slap their damn logo on the image, but why make any changes?
I am sure I have blogged, like many others, on the total stupidity of overscan on HD TVs. TV screens are made with 1920x1080 pixels for full HD to match the format, and a full HD source should put the 1920x1080 pixels from the source on to the TV one-to-one. But for some stupid, and largely historical, reason some TVs are set, by default, to scale up the image so that we see slightly less than the full width and height stretched to TV size. This makes every single pixel softer as it is a calculated value from adjacent pixels. They are quite good at it, but it is different to the original and not as clear. Make sure you always set your HD TV to show HD images correctly and turn off overscan.
But I have started to notice some serious problems with some HD channels. Notable watching NCIS on Universal HD (on Sky), the colour is adjusted. Only during the programme, not the adverts, but people have red faces. It looks shite. Watching NCIS on another channel like FOX HD is fine.
Why the hell would anyone adjust an HD programme? Why not send each pixel as is without scaling or adjusting or anything. That gives the producer the best chance of showing the viewer what they intended. Yes, TVs have adjustments, though that really is a tad unnecessary though local lighting and colours could be relevant then.
Annoying.
There really is no reason to change it. Indeed, changing it in any way is more work for the TV channel, etc. It is bad enough they slap their damn logo on the image, but why make any changes?
I am sure I have blogged, like many others, on the total stupidity of overscan on HD TVs. TV screens are made with 1920x1080 pixels for full HD to match the format, and a full HD source should put the 1920x1080 pixels from the source on to the TV one-to-one. But for some stupid, and largely historical, reason some TVs are set, by default, to scale up the image so that we see slightly less than the full width and height stretched to TV size. This makes every single pixel softer as it is a calculated value from adjacent pixels. They are quite good at it, but it is different to the original and not as clear. Make sure you always set your HD TV to show HD images correctly and turn off overscan.
But I have started to notice some serious problems with some HD channels. Notable watching NCIS on Universal HD (on Sky), the colour is adjusted. Only during the programme, not the adverts, but people have red faces. It looks shite. Watching NCIS on another channel like FOX HD is fine.
Why the hell would anyone adjust an HD programme? Why not send each pixel as is without scaling or adjusting or anything. That gives the producer the best chance of showing the viewer what they intended. Yes, TVs have adjustments, though that really is a tad unnecessary though local lighting and colours could be relevant then.
Annoying.
2014-04-18
Drinking too much?
My wife has abandoned me for Easter - she, and three daughters (and a large dog) have gone to Wales, at least until Sunday. I have been left caring for cat and small (annoying) dog, but at least the pony is sorted by someone else, phew...
It is fine though - and I have lots of work to be getting on with and will be in the office tomorrow. She has gone over board ensuring enough food in the house, from bread for toast, cookies, crisps, and enough juice to sink a battleship right through to lasagne, and macaroni cheese and everything in between. She loves me :-)
What I has not realised is that my son is also abandoned - his girlfriend off to a LAN gaming event. But he has no food, and had to beg me to get him a company bike this morning so he had some transport for the weekend even... He did manage to get the cider in though. The picture is my [company] bike (the sensible one with a rack and a basket to carry cider).
Annoyingly I have no whisky in, so I am trying Glayva again. I had stopped drinking it, and stopped drinking SoCo too, as both were giving me a headache. I have been googling and it seems I am not alone in this. Not these drinks specifically, but the fact that you can have drunk the same for years and suddenly find a problem with a specific drink. It is very annoying.
It is not a hang over (before you even suggest it). You don't get to 50 without knowing exactly what a hang over is - not just a headache, but an overall feeling, and it is mainly dehydration and/or the effects of losing minerals from trying to combat dehydration, and not nice. But I have rarely had hang overs for decades. I am always sensible to have some water or juice before bed, and usually am fine, bright, alert and well rested after a night's sleep even after drinking silly amounts that floor others.
What is odd is that specific drinks were giving me a headache a few hours later, usually meaning waking at midnight with a headache, on one side of my head, so bad I cannot sleep all night and not really starting to recover until maybe 8am. I feel grotty all morning as well, and pain killers do nothing. It seems very black and white - below a threshold of the drink I am fine, as normal, above it, I am very unwell. Though not 100% consistent - some times fine, but not often.
So I had to change drinks, and ironically stronger drinks were better! Single malt Scotch at 60% ABV is fine, making for expensive tastes. I did get an optic to try and ensure I understood what levels were an issue or not. Ironically I am probably drinking less alcohol these days as a result.
But I do wonder what it is - I doubt my GP will give advice other than "drink less" but it is odd. Some of the things that change as you get older are a surprise. There should be "getting old lessons" at school!
Tonight I am trying Glayva as a scientific trial... If I am not well over night I'll post an update. I have not had Glayva for many months so maybe I am fine again. We'll see.
Update: I had a slightly upset tummy which I had a bit during the day as well - but otherwise fine, in work just after 7, no headache, no hangover, all good. Interesting.
It is fine though - and I have lots of work to be getting on with and will be in the office tomorrow. She has gone over board ensuring enough food in the house, from bread for toast, cookies, crisps, and enough juice to sink a battleship right through to lasagne, and macaroni cheese and everything in between. She loves me :-)
What I has not realised is that my son is also abandoned - his girlfriend off to a LAN gaming event. But he has no food, and had to beg me to get him a company bike this morning so he had some transport for the weekend even... He did manage to get the cider in though. The picture is my [company] bike (the sensible one with a rack and a basket to carry cider).
Annoyingly I have no whisky in, so I am trying Glayva again. I had stopped drinking it, and stopped drinking SoCo too, as both were giving me a headache. I have been googling and it seems I am not alone in this. Not these drinks specifically, but the fact that you can have drunk the same for years and suddenly find a problem with a specific drink. It is very annoying.
It is not a hang over (before you even suggest it). You don't get to 50 without knowing exactly what a hang over is - not just a headache, but an overall feeling, and it is mainly dehydration and/or the effects of losing minerals from trying to combat dehydration, and not nice. But I have rarely had hang overs for decades. I am always sensible to have some water or juice before bed, and usually am fine, bright, alert and well rested after a night's sleep even after drinking silly amounts that floor others.
What is odd is that specific drinks were giving me a headache a few hours later, usually meaning waking at midnight with a headache, on one side of my head, so bad I cannot sleep all night and not really starting to recover until maybe 8am. I feel grotty all morning as well, and pain killers do nothing. It seems very black and white - below a threshold of the drink I am fine, as normal, above it, I am very unwell. Though not 100% consistent - some times fine, but not often.
So I had to change drinks, and ironically stronger drinks were better! Single malt Scotch at 60% ABV is fine, making for expensive tastes. I did get an optic to try and ensure I understood what levels were an issue or not. Ironically I am probably drinking less alcohol these days as a result.
But I do wonder what it is - I doubt my GP will give advice other than "drink less" but it is odd. Some of the things that change as you get older are a surprise. There should be "getting old lessons" at school!
Tonight I am trying Glayva as a scientific trial... If I am not well over night I'll post an update. I have not had Glayva for many months so maybe I am fine again. We'll see.
Update: I had a slightly upset tummy which I had a bit during the day as well - but otherwise fine, in work just after 7, no headache, no hangover, all good. Interesting.
2014-04-16
order with obligation to pay
Some of you may have noticed that the order forms on our web site now have rather ugly buttons say "order with obligation to pay" instead of "Confirm" or "Place order" or some such.
Why?
Well, it is a new law coming in which replaces the old Distance Selling Directive on 13th June 2014: The Consumer Contracts (Information, Cancellation and Additional Charges) Regulations 2013.
There has been some mention of these regulations as they will effectively get rid of the 0871 or otherwise expensive contact numbers. Section 41 says helpline telephone numbers shall not be more than the basic rate. Though they don't define that.
But there is a requirement buried in section 14 which is rather fun.
It says:
(4) If placing an order entails activating a button or a similar function, the trader must ensure that the button or similar function is labelled in an easily legible manner only with the words ‘order with obligation to pay’ or a corresponding unambiguous formulation indicating that placing the order entails an obligation to pay the trader.
Now, that is pretty specific. It says "only" with the words, and says the label on the actual button must say this (or corresponding unambiguous formation).
So web sites that just say "Order" or "Place order" or "Confirm" will not be complying.
Well these regulations have various enforcement for breaches, as most do, and one could expect trading standards or some such to complain if you don't meet the regulations. Fair enough.
Except, it goes on to say:
(5) If the trader has not complied with paragraphs (3) and (4), the consumer is not bound by the contract or order.
Now this is serious! It is way more serious than any wrap on the knuckles by trading standards or even a fine. It says the consumer is not bound by the contract!
Note that it does not say the contract is void, or can be cancelled by the consumer or any such (cancellation rights are all covered in detail elsewhere). It says the consumer is not bound by the contract. It does not say the trader is not bound. It does not say the consumer has to return goods supplied, or pay for services supplied. It is one sided - consumer not bound.
That is a massive penalty on the trader. And it applies to all UK traders from 13th June 2014. What fun that will be.
Why?
Well, it is a new law coming in which replaces the old Distance Selling Directive on 13th June 2014: The Consumer Contracts (Information, Cancellation and Additional Charges) Regulations 2013.
There has been some mention of these regulations as they will effectively get rid of the 0871 or otherwise expensive contact numbers. Section 41 says helpline telephone numbers shall not be more than the basic rate. Though they don't define that.
But there is a requirement buried in section 14 which is rather fun.
It says:
(4) If placing an order entails activating a button or a similar function, the trader must ensure that the button or similar function is labelled in an easily legible manner only with the words ‘order with obligation to pay’ or a corresponding unambiguous formulation indicating that placing the order entails an obligation to pay the trader.
Now, that is pretty specific. It says "only" with the words, and says the label on the actual button must say this (or corresponding unambiguous formation).
So web sites that just say "Order" or "Place order" or "Confirm" will not be complying.
Well these regulations have various enforcement for breaches, as most do, and one could expect trading standards or some such to complain if you don't meet the regulations. Fair enough.
Except, it goes on to say:
(5) If the trader has not complied with paragraphs (3) and (4), the consumer is not bound by the contract or order.
Now this is serious! It is way more serious than any wrap on the knuckles by trading standards or even a fine. It says the consumer is not bound by the contract!
Note that it does not say the contract is void, or can be cancelled by the consumer or any such (cancellation rights are all covered in detail elsewhere). It says the consumer is not bound by the contract. It does not say the trader is not bound. It does not say the consumer has to return goods supplied, or pay for services supplied. It is one sided - consumer not bound.
That is a massive penalty on the trader. And it applies to all UK traders from 13th June 2014. What fun that will be.
2014-04-13
Securing the office
As I am sure many of you know we were broken in to last month, one Thursday night, and lost quite a bit of kit. It was mostly shiny (aka "apple") stuff. It was very unpleasant (though way less so than ADR), and having decided many years ago that the cost of contents insurance done properly was silly expensive it has cost us (not as much as insurance would have).
But it does rather focus the mind, and, as promised, this blog post is to cover the issues we had, the complacency and errors, and some of the steps we have now taken.
Posting any details of our security may be a potential risk, but apart from considering the impossibly small set of people that read my blog and are involved with criminals in the area, I am also restricting this to stuff that you can deduce yourself if you visited or cased the joint anyway.
What happened
Three people came on foot to the office, walked around it, tried the fire exits, and checked out the front door. It seems they targeted us (that is what the police think too) so probably know someone that has visited - maybe a delivery driver, etc.
The went away and came back with a small van or estate car, drove up to the door and broke in. It seems they brought a drain cover, the role of which is unclear. Somehow (also unknown) they forced the doors. They then quickly grabbed four iMacs, two 30" apple monitors, two iPad minis, two laptops, and took a TV off the wall (one so old we were about to throw away).
They were clearly in a hurry, but spent around 5 minutes on site. Police say they would have assumed a silent alarm. They grabbed kit and took it, breaking connectors in some cases, and dragging stuff off desks as they went. Clearly in a hurry.
What they did not take
What they did not take was a surprise. I will not list everything, for obvious reasons, but there were several high value items in the room they did not consider, and some easily disposable items such as a brand new TV in a box, two brand new monitors in boxes, even a box of expensive whisky. However, if you are going to turn over an office like ours they missed a very obvious and high value set of items - the chairs. Herman Miller chairs run to hundreds each and are routinely sold second hand with no serial numbers. But they did not bring a big van, so probably why they did not touch them. My guess is the chairs were worth the most in terms of easily movable items.
Surprises
They took iMacs and iPads. As we understand it these will never be usable as they are, being locked to apple IDs. They knew to turn off the iPads, for example, to stop them being traced. The only idea here being that they can break stuff down for spares.
What we can learn from that
A really obvious thing that you just don't think of is that the value of an item to a thief is very different to the owner. We have lots of valuable stuff, valuable to us, but not something they could sell. They did not touch the boring black generic monitors or the generic linux under-desk PCs. Once assumes that (a) they knew there was lots of apple stuff, and (b) they have a means of disposal for it.
What we did wrong
This is obviously something we can go in to more detail on, having fixed it all. It comes from over 17 years of not being robbed - complacency.
To get to the office they had to breach two mag-locked doors. Now, if you have ever tried, a mag-lock is damn strong. They do not come apart and you will damage the door frame before they do. We are at a loss as to how they breached the outer door as it is pull not push, but the inner door may have been shocked by a heavy object (perhaps the drain cover).
Having just mag-locks seems silly in hindsight, but the fact you have to get passed two of them, and the alarm would sound anyway and we would know and be there in minutes, is why we did not worry too much.
Unfortunately there were issues - the outer door closer was not quite right, and could leave the door ajar (now fixed). The staff that locked up were adamant this was not the case, but it would have been easy to miss. Even so, the mag lock may be force-able with a crowbar on the door or some such, no idea.
The other big issue is that the alarm was not set. For this I blame the total stupidity of alarm systems. If something upsets them for any reason, and you try to set them, they will just not set. This is bad design, in my opinion, and annoys the crap out of me. It seems something (a previous false alarm / error) left the system in "RESET REQUIRED" state and so it did not set that day. There was no obvious way for staff to see that it was not set. This is something we have fixed!
Another annoyance is the installers for the alarm system (a proper alarm company) did not fit any of the door sensors. Every door has a reader and mag-lock and that reader will work with a door sensor. They don't fit as a matter of policy as too many support calls!
Had the sensor been fitted then I would have been alerted with a "DOOR FORCED" alarm as soon as they got through the outer door even though the alarm was not set. I would have been there with a camera and a phone calling 999, within around 2 minutes. We have had false alarms (numpty cleaners) in the past and know we can get there very quickly.
Other issues - the car park has a gate and we are meant to shut it, but it has a combination lock that is fiddly, had an obvious code, was routinely left with the code on display, and nobody bothered to lock. This was not just us, but the other units in Enterprise Court. We suspect that blocking physical access would have stopped or hindered the burglary.
So, lots of separate errors compounded the situation - they got in and took stuff and we did not even know until next morning. They could have driven a truck up to the door and spent an hour cleaning the place from top to bottom if they wanted to!
Deterrent
We have set up internal security cameras that are obvious and include the lobby areas. We have even put a monitor in the lobby to show the camera feed so people see themselves on screen when casing the joint.
We have put smoke cloak "security fog" labels on the doors.
Detection
We have wired every single door to have a door sensor, some with more than one. This means that even if the alarm is not set a forced door will alert staff.
We have set up new reporting systems to alert multiple staff of any alarms or issues. We have remote viewing of the security cameras so any staff alerted can see the office, see if a real break in, and call 999. Of course, I can be there in 2 minutes as well, but the cameras almost remove the need for that.
We have added additional sensors as well. We have also gone to a lot of steps to make it very very clear to staff if they have, or have not, set the alarm at the end of the day. Not going in to details, but there are several separate indicators to staff including text messages.
Prevention
We are no longer relying on a simple mag-lock on the main doors. We have a very nice, professionally installed, motorised deadlock which claims to stand a tonne of force.
The fact that the deadlock engages is one of the things staff can easily see to confirm the alarm is set.
We have a new lock for the gate - one that uses up/down/left/right movements in a sequence. Once you can set, in the dark, with gloves on, and does not leave the combination on the display. Everyone in Enterprise Court is taking security more seriously now.
Mitigation
Once someone does get in - and that is possible as they could just break windows - we have taken further steps.
Some simple steps anyone can take, given what we now know, is Kensington locks. Everything is locked down - in one case kit is locked to a very heavy drain cover under a desk, but mostly stuff is locked to the desk. This does not stop someone taking stuff - simply having bolt cutters gets passed these, but it adds time and delay. They have very limited time to get stuff.
The other big change is a smoke cloak - this is awesome - it makes it so you can barely see your hand in front of your face, or the floor to walk safely, within around 15 seconds. It takes a good ten to fifteen minutes to start clearing even if opening all of the windows. It is around £2k, but very cool. See the video.
Data security
Something we have considered is data loss. The machines taken were very much terminals in that they did not store any data locally - they were used for email and web access to secure systems. That does not rule out cached copies on the machines holding personal data. Obviously all stored passwords were immediately changed, and the machines taken were locked to an apple-ID and wiped if they ever see the light of day. But we have ensured replacement systems (mostly linux) have encrypted file systems, just in case.
Conclusion
Don't wait to be robbed - think of every step: Can you deter them - visible signs of security and cameras; Can to detect them - good alarm systems; Can you prevent them getting access - good locks; Can you mitigate what they do - smoke cloak is awesome.
But it does rather focus the mind, and, as promised, this blog post is to cover the issues we had, the complacency and errors, and some of the steps we have now taken.
Posting any details of our security may be a potential risk, but apart from considering the impossibly small set of people that read my blog and are involved with criminals in the area, I am also restricting this to stuff that you can deduce yourself if you visited or cased the joint anyway.
What happened
The went away and came back with a small van or estate car, drove up to the door and broke in. It seems they brought a drain cover, the role of which is unclear. Somehow (also unknown) they forced the doors. They then quickly grabbed four iMacs, two 30" apple monitors, two iPad minis, two laptops, and took a TV off the wall (one so old we were about to throw away).
They were clearly in a hurry, but spent around 5 minutes on site. Police say they would have assumed a silent alarm. They grabbed kit and took it, breaking connectors in some cases, and dragging stuff off desks as they went. Clearly in a hurry.
What they did not take
What they did not take was a surprise. I will not list everything, for obvious reasons, but there were several high value items in the room they did not consider, and some easily disposable items such as a brand new TV in a box, two brand new monitors in boxes, even a box of expensive whisky. However, if you are going to turn over an office like ours they missed a very obvious and high value set of items - the chairs. Herman Miller chairs run to hundreds each and are routinely sold second hand with no serial numbers. But they did not bring a big van, so probably why they did not touch them. My guess is the chairs were worth the most in terms of easily movable items.
Surprises
They took iMacs and iPads. As we understand it these will never be usable as they are, being locked to apple IDs. They knew to turn off the iPads, for example, to stop them being traced. The only idea here being that they can break stuff down for spares.
What we can learn from that
A really obvious thing that you just don't think of is that the value of an item to a thief is very different to the owner. We have lots of valuable stuff, valuable to us, but not something they could sell. They did not touch the boring black generic monitors or the generic linux under-desk PCs. Once assumes that (a) they knew there was lots of apple stuff, and (b) they have a means of disposal for it.
What we did wrong
This is obviously something we can go in to more detail on, having fixed it all. It comes from over 17 years of not being robbed - complacency.
To get to the office they had to breach two mag-locked doors. Now, if you have ever tried, a mag-lock is damn strong. They do not come apart and you will damage the door frame before they do. We are at a loss as to how they breached the outer door as it is pull not push, but the inner door may have been shocked by a heavy object (perhaps the drain cover).
Having just mag-locks seems silly in hindsight, but the fact you have to get passed two of them, and the alarm would sound anyway and we would know and be there in minutes, is why we did not worry too much.
Unfortunately there were issues - the outer door closer was not quite right, and could leave the door ajar (now fixed). The staff that locked up were adamant this was not the case, but it would have been easy to miss. Even so, the mag lock may be force-able with a crowbar on the door or some such, no idea.
The other big issue is that the alarm was not set. For this I blame the total stupidity of alarm systems. If something upsets them for any reason, and you try to set them, they will just not set. This is bad design, in my opinion, and annoys the crap out of me. It seems something (a previous false alarm / error) left the system in "RESET REQUIRED" state and so it did not set that day. There was no obvious way for staff to see that it was not set. This is something we have fixed!
Another annoyance is the installers for the alarm system (a proper alarm company) did not fit any of the door sensors. Every door has a reader and mag-lock and that reader will work with a door sensor. They don't fit as a matter of policy as too many support calls!
Had the sensor been fitted then I would have been alerted with a "DOOR FORCED" alarm as soon as they got through the outer door even though the alarm was not set. I would have been there with a camera and a phone calling 999, within around 2 minutes. We have had false alarms (numpty cleaners) in the past and know we can get there very quickly.
Other issues - the car park has a gate and we are meant to shut it, but it has a combination lock that is fiddly, had an obvious code, was routinely left with the code on display, and nobody bothered to lock. This was not just us, but the other units in Enterprise Court. We suspect that blocking physical access would have stopped or hindered the burglary.
So, lots of separate errors compounded the situation - they got in and took stuff and we did not even know until next morning. They could have driven a truck up to the door and spent an hour cleaning the place from top to bottom if they wanted to!
Deterrent
We have set up internal security cameras that are obvious and include the lobby areas. We have even put a monitor in the lobby to show the camera feed so people see themselves on screen when casing the joint.
We have put smoke cloak "security fog" labels on the doors.
Detection
We have wired every single door to have a door sensor, some with more than one. This means that even if the alarm is not set a forced door will alert staff.
We have set up new reporting systems to alert multiple staff of any alarms or issues. We have remote viewing of the security cameras so any staff alerted can see the office, see if a real break in, and call 999. Of course, I can be there in 2 minutes as well, but the cameras almost remove the need for that.
We have added additional sensors as well. We have also gone to a lot of steps to make it very very clear to staff if they have, or have not, set the alarm at the end of the day. Not going in to details, but there are several separate indicators to staff including text messages.
Prevention
We are no longer relying on a simple mag-lock on the main doors. We have a very nice, professionally installed, motorised deadlock which claims to stand a tonne of force.
The fact that the deadlock engages is one of the things staff can easily see to confirm the alarm is set.
We have a new lock for the gate - one that uses up/down/left/right movements in a sequence. Once you can set, in the dark, with gloves on, and does not leave the combination on the display. Everyone in Enterprise Court is taking security more seriously now.
Mitigation
Once someone does get in - and that is possible as they could just break windows - we have taken further steps.
Some simple steps anyone can take, given what we now know, is Kensington locks. Everything is locked down - in one case kit is locked to a very heavy drain cover under a desk, but mostly stuff is locked to the desk. This does not stop someone taking stuff - simply having bolt cutters gets passed these, but it adds time and delay. They have very limited time to get stuff.
The other big change is a smoke cloak - this is awesome - it makes it so you can barely see your hand in front of your face, or the floor to walk safely, within around 15 seconds. It takes a good ten to fifteen minutes to start clearing even if opening all of the windows. It is around £2k, but very cool. See the video.
Data security
Something we have considered is data loss. The machines taken were very much terminals in that they did not store any data locally - they were used for email and web access to secure systems. That does not rule out cached copies on the machines holding personal data. Obviously all stored passwords were immediately changed, and the machines taken were locked to an apple-ID and wiped if they ever see the light of day. But we have ensured replacement systems (mostly linux) have encrypted file systems, just in case.
Conclusion
Don't wait to be robbed - think of every step: Can you deter them - visible signs of security and cameras; Can to detect them - good alarm systems; Can you prevent them getting access - good locks; Can you mitigate what they do - smoke cloak is awesome.
2014-04-12
Rangemaster - why?
We have had a rangemaster for nearly 20 years, and it finally broke so we got a new one - almost the same, but a different colour.
Apart from the my tip of not changing the colour otherwise someone will want a new kitchen to match (I'll save that for another blog), I am somewhat disappointed with the simple control / timer (see picture).
How can something so simple be annoying?
It appears to be exactly the same as the old one. You have (left to right) a timer (that makes a ding); a cook timer (that stops over after time); a start time for cooking; reset; -; and +.
It is not like I do much cooking, but I actually use the timer. I set the cook timer for the oven. It beeps when done and turns off the oven when done - just like a microwave.
To set, you press the cook timer, then use + to get to right number of minutes.
With the old oven the + and - adjusted the timer when pressed, and if held for more than a short period they continued to adjust rapidly. It was quite fast but you could easily let go at the right time, or press "-" to go back to the right time. It was simple and intuitive.
The new one is different. Holding it moves the time very slowly, annoyingly slow, but holding longer gets faster, and then faster, and so on. Trying to set 30 minutes is a nightmare as when it gets to 30 minutes it is going so fast you are like 35 or 40 before you let go. Then going back is tortuously slow. What is worse is you cannot just press the button several times as it does not register each press any more. It is just horrid to use.
What is worse is the reset button, which puts the oven back to normal working after the cooking is done, no longer resets if the timer is running. So if you set 30 minutes, but realise the food is done at 25 minutes, you cannot reset the timer. You seem to have to try and use the "-" key to get the timer down to zero so it beeps and then press reset. Even holding it seems to do nothing.
Why the hell change something so simple, really.
Apart from the my tip of not changing the colour otherwise someone will want a new kitchen to match (I'll save that for another blog), I am somewhat disappointed with the simple control / timer (see picture).
How can something so simple be annoying?
It appears to be exactly the same as the old one. You have (left to right) a timer (that makes a ding); a cook timer (that stops over after time); a start time for cooking; reset; -; and +.
It is not like I do much cooking, but I actually use the timer. I set the cook timer for the oven. It beeps when done and turns off the oven when done - just like a microwave.
To set, you press the cook timer, then use + to get to right number of minutes.
With the old oven the + and - adjusted the timer when pressed, and if held for more than a short period they continued to adjust rapidly. It was quite fast but you could easily let go at the right time, or press "-" to go back to the right time. It was simple and intuitive.
The new one is different. Holding it moves the time very slowly, annoyingly slow, but holding longer gets faster, and then faster, and so on. Trying to set 30 minutes is a nightmare as when it gets to 30 minutes it is going so fast you are like 35 or 40 before you let go. Then going back is tortuously slow. What is worse is you cannot just press the button several times as it does not register each press any more. It is just horrid to use.
What is worse is the reset button, which puts the oven back to normal working after the cooking is done, no longer resets if the timer is running. So if you set 30 minutes, but realise the food is done at 25 minutes, you cannot reset the timer. You seem to have to try and use the "-" key to get the timer down to zero so it beeps and then press reset. Even holding it seems to do nothing.
Why the hell change something so simple, really.
2014-04-11
Fibre optic cable?
To be fair to Virgin they are being a tad more careful with their wording now, but only just.
They sell "super fast broadband through fast fibre optic cable". Well, there will be fibre somewhere just like every single broadband you can buy which will have fibre optic cable for some of it, even if that is from the exchange back in to the Internet.
They go on to say "Our fibre optic cable is high tech all the way" which is a tad devious as it is not "fibre optic cable" all the way, is it!
They get a bit more dodgy when they say "Because our broadband comes down fibre optic cable instead of your phone line,..." which is misleading. It does not come down fibre optic cable instead of my phone line - the bit that is instead of my phone line, certainly at my end of my phone line (if I has one), is plainly copper coax cable as can be seen in this picture. Indeed, this is not even "Fibre To The Cabinet" which is what one would get from BT.
They do call it "Our fibre optic broadband" still. My real gripe here is with the ASA allowing them to call something that is plainly not fibre optic to be sold as fibre optic broadband. Show me one fibre in that picture?
Even so, the engineers that came were professional and did a good job, in spite of the obvious mistake in the cab (visible in picture above) and a faulty isolation unit. They missed their AM slot because the dig crew were late, which is a shame.
However, I do rather have to explain myself here - WTF have I got Virgin broadband at my home?!?!?!?
Don't panic, I have not lost the plot or turned to the dark side. It is all part of work with the Open Rights Group to monitor the state of Internet filtering. Even so, it was rather weird being a normal customer for a change. Obviously the service is simply VLANed back to my office where they have BT, Sky, TalkTalk and Plusnet as well.
They sell "super fast broadband through fast fibre optic cable". Well, there will be fibre somewhere just like every single broadband you can buy which will have fibre optic cable for some of it, even if that is from the exchange back in to the Internet.
They go on to say "Our fibre optic cable is high tech all the way" which is a tad devious as it is not "fibre optic cable" all the way, is it!
They get a bit more dodgy when they say "Because our broadband comes down fibre optic cable instead of your phone line,..." which is misleading. It does not come down fibre optic cable instead of my phone line - the bit that is instead of my phone line, certainly at my end of my phone line (if I has one), is plainly copper coax cable as can be seen in this picture. Indeed, this is not even "Fibre To The Cabinet" which is what one would get from BT.
They do call it "Our fibre optic broadband" still. My real gripe here is with the ASA allowing them to call something that is plainly not fibre optic to be sold as fibre optic broadband. Show me one fibre in that picture?
Even so, the engineers that came were professional and did a good job, in spite of the obvious mistake in the cab (visible in picture above) and a faulty isolation unit. They missed their AM slot because the dig crew were late, which is a shame.
However, I do rather have to explain myself here - WTF have I got Virgin broadband at my home?!?!?!?
Don't panic, I have not lost the plot or turned to the dark side. It is all part of work with the Open Rights Group to monitor the state of Internet filtering. Even so, it was rather weird being a normal customer for a change. Obviously the service is simply VLANed back to my office where they have BT, Sky, TalkTalk and Plusnet as well.
2014-04-08
Zebra letting me down, again
I am sorry to report that once again Zebra are letting me down. I have to seriously look in to alternative printers than can actually print edge to edge on SIM cards (which are not as smooth as typical cards). The Zebra ZXP8 is one of those that can because it is a retransfer printer. Surely some other manufacturer must make one that can cope?
To recap the previous fiasco briefly: I ordered a printer with a smart card "contact station" and it took them 5 months to explain that this does not actually do anything and recommend I paid for a "mifare and smart card encoder". It turns out that this does not in fact do what we want anyway, i.e. does not work over Ethernet (having got an Ethernet connected printer for a reason). They did, eventually, put the contact station back and I used a Raspberry PI and USB card reader linked to the contact station. The marketing was bad, the support was worse until I started blogging and tweeting. Eventually they sorted it and were very apologetic. I hoped that was the end of problems.
But the saga continues. Up until they took the printer to make these changes it worked very reliably - we had been using it for 5 months, but now it started being unreliable, reporting "card jam" with the card just sat in the middle of the printer ready to print. It was getting more and more unreliable making it very difficult to get SIMs printed without several attempts each.
It took several days to get a reply, but once again Jim from their technical support department was helpful with things to try, and after I confirmed it breaks with plain white Zebra cards using the test card print (see video) he said he would get someone from their on-site technical support to call me today (Monday). It did not happen in spite of several chasing emails. Shame.
To add insult to injury, every time I email their support people I get an automated response confirming the email arrived (usually several hours after sent) that says their target response time is 4 hours!
Does anyone know of a printer that can do what this one does?
And sorry Zebra, but you still need to improve things. I don't like to be a nuisance customer, honest, but if blogging and tweeting is the only way to make a company jump, that is what has to happen.
Update: Zebra did come out today (Wednesday) and as always when I do get hold of someone they are helpful and polite. They did find a loose connector, and all was well with lots of cards printed - until he was about to drive off and it went again. More bits changed and fingers crossed, massively more reliable than before, so may be OK now - but if not they'll strip it down and fix it for me and I have some direct contacts. Thanks guys.
To recap the previous fiasco briefly: I ordered a printer with a smart card "contact station" and it took them 5 months to explain that this does not actually do anything and recommend I paid for a "mifare and smart card encoder". It turns out that this does not in fact do what we want anyway, i.e. does not work over Ethernet (having got an Ethernet connected printer for a reason). They did, eventually, put the contact station back and I used a Raspberry PI and USB card reader linked to the contact station. The marketing was bad, the support was worse until I started blogging and tweeting. Eventually they sorted it and were very apologetic. I hoped that was the end of problems.
But the saga continues. Up until they took the printer to make these changes it worked very reliably - we had been using it for 5 months, but now it started being unreliable, reporting "card jam" with the card just sat in the middle of the printer ready to print. It was getting more and more unreliable making it very difficult to get SIMs printed without several attempts each.
It took several days to get a reply, but once again Jim from their technical support department was helpful with things to try, and after I confirmed it breaks with plain white Zebra cards using the test card print (see video) he said he would get someone from their on-site technical support to call me today (Monday). It did not happen in spite of several chasing emails. Shame.
To add insult to injury, every time I email their support people I get an automated response confirming the email arrived (usually several hours after sent) that says their target response time is 4 hours!
Does anyone know of a printer that can do what this one does?
And sorry Zebra, but you still need to improve things. I don't like to be a nuisance customer, honest, but if blogging and tweeting is the only way to make a company jump, that is what has to happen.
Update: Zebra did come out today (Wednesday) and as always when I do get hold of someone they are helpful and polite. They did find a loose connector, and all was well with lots of cards printed - until he was about to drive off and it went again. More bits changed and fingers crossed, massively more reliable than before, so may be OK now - but if not they'll strip it down and fix it for me and I have some direct contacts. Thanks guys.
2014-04-07
BT 7 hour fix, a con?
BT offer various service level guarantees for their services, and one of the ones we do as standard on our Office::1 business service is a "7 hour fix" package (maintenance category 14).
This is not just a response in 7 hours, but a guarantee from BT to fix in 7 hours, 24 hours a day, including holidays and weekends.
So when we have a customer ordering service a month early to ensure all will be well for the day they need it, and putting the lines on 7 hour fix to ensure any problems are sorted promptly, it is somewhat of a surprise to find BT have no apparent intention of fixing in 7 hours, even now, after TWO WEEKS that this fault has been open and with BT.
They are plainly not working on it 24 hours a day and taking the night and weekends off from even responding to our requests for an update.
It really does seem to me that the 7 hour fix is just a con. It seems that they know they will often fail to meet it and count on the fact that it cost so much ,and the compensation for failure is so low, that it just does not matter to them.
I am unsure what to do next for my customer.
I am unsure what to do next with BT.
It is the most appalling service, and would be bad even if it was on the standard "40 hour" SLA, but paying extra for a 7 hour fix and they just don't seem to care - that is almost fraud, surely?
This is not just a response in 7 hours, but a guarantee from BT to fix in 7 hours, 24 hours a day, including holidays and weekends.
So when we have a customer ordering service a month early to ensure all will be well for the day they need it, and putting the lines on 7 hour fix to ensure any problems are sorted promptly, it is somewhat of a surprise to find BT have no apparent intention of fixing in 7 hours, even now, after TWO WEEKS that this fault has been open and with BT.
They are plainly not working on it 24 hours a day and taking the night and weekends off from even responding to our requests for an update.
It really does seem to me that the 7 hour fix is just a con. It seems that they know they will often fail to meet it and count on the fact that it cost so much ,and the compensation for failure is so low, that it just does not matter to them.
I am unsure what to do next for my customer.
I am unsure what to do next with BT.
It is the most appalling service, and would be bad even if it was on the standard "40 hour" SLA, but paying extra for a 7 hour fix and they just don't seem to care - that is almost fraud, surely?
Voice Assured Broadband
Well, BT are talking about launching a service called Voice Assured Broadband.
Can I be really really cynical and say that what this actually means is that they will no longer accept that a line with packet loss and latency is "broken, because VoIP does not work".
We have seen that they consider huge levels of loss like 3% as "acceptable" already, but one wonders how bad broadband will be allowed to get if they can dismiss all VoIP issues with "Should've got VABB service".
However, as long as they called the current service "best efforts" there cannot be anything better, can there?
Can I be really really cynical and say that what this actually means is that they will no longer accept that a line with packet loss and latency is "broken, because VoIP does not work".
We have seen that they consider huge levels of loss like 3% as "acceptable" already, but one wonders how bad broadband will be allowed to get if they can dismiss all VoIP issues with "Should've got VABB service".
However, as long as they called the current service "best efforts" there cannot be anything better, can there?
2014-04-06
The problem with SIP
SIP (Session Initiation Protocol), used for VoIP, has a slight problem, in my opinion.
If I am lucky, someone will post a reply to this blog and tell me I have missed the bleeding obvious here, but somehow I doubt it.
When you send an INVITE (to make a call), or indeed any message, the receiving end has the option to challenge you. The challenge allows you to send your identity and respond to the challenge with a signed response confirming your identity based on a password. The challenge/response system is pretty common in many protocols.
The problem with SIP is that the initial INVITE does not have any way to tell the recipient "I have some authentication details for you". This means the recipient has to work that out from the From/To headers. It does not know the username the sender may use if challenged, and the local part of the From header is likely to be a calling number.
The issue is that some times you are trusting the far end based on IP address and not generating a challenge, and some times you want to generate a challenge to confirm the identity. You may have a mixture of the two on the same box. A fixed config that trusts the far end is not that uncommon and avoids an extra exchange of messages.
This causes a lot of problems for things like asterisk. It is quite complicated to configure asterisk to work out if it should challenge the INVITE or not. What is worse is that asterisk does a DNS lookup of the configured host name when it checks and expects one IP address against which to check. This is a really pain when you have a group of call servers you want to trust, and makes the config quite large.
We are hitting a snag with our SIP2SIM. We have a set of call servers which can send REGISTER and INVITE messages to the customer's server. People using us for VoIP have their asterisk servers set up to understand that calls can come from that same set of servers for normal calls. But that means asterisk does not think it is sensible to challenge us for the SIP2SIM calls where we are acting like a SIP device, and hence have a username and password to use. We are working out the best way around this at the moment. We don't really want to have to set up a second set of call servers (or additional IP addresses) just for sending the SIP2SIM calls and registrations.
If SIP had a way to tell the recipient that it has credentials, and force the challenge, that would solve this. We would send the username when we have it, and the recipient can consider it in that context.
If I am lucky, someone will post a reply to this blog and tell me I have missed the bleeding obvious here, but somehow I doubt it.
When you send an INVITE (to make a call), or indeed any message, the receiving end has the option to challenge you. The challenge allows you to send your identity and respond to the challenge with a signed response confirming your identity based on a password. The challenge/response system is pretty common in many protocols.
The problem with SIP is that the initial INVITE does not have any way to tell the recipient "I have some authentication details for you". This means the recipient has to work that out from the From/To headers. It does not know the username the sender may use if challenged, and the local part of the From header is likely to be a calling number.
The issue is that some times you are trusting the far end based on IP address and not generating a challenge, and some times you want to generate a challenge to confirm the identity. You may have a mixture of the two on the same box. A fixed config that trusts the far end is not that uncommon and avoids an extra exchange of messages.
This causes a lot of problems for things like asterisk. It is quite complicated to configure asterisk to work out if it should challenge the INVITE or not. What is worse is that asterisk does a DNS lookup of the configured host name when it checks and expects one IP address against which to check. This is a really pain when you have a group of call servers you want to trust, and makes the config quite large.
We are hitting a snag with our SIP2SIM. We have a set of call servers which can send REGISTER and INVITE messages to the customer's server. People using us for VoIP have their asterisk servers set up to understand that calls can come from that same set of servers for normal calls. But that means asterisk does not think it is sensible to challenge us for the SIP2SIM calls where we are acting like a SIP device, and hence have a username and password to use. We are working out the best way around this at the moment. We don't really want to have to set up a second set of call servers (or additional IP addresses) just for sending the SIP2SIM calls and registrations.
If SIP had a way to tell the recipient that it has credentials, and force the challenge, that would solve this. We would send the username when we have it, and the recipient can consider it in that context.
"No contract"
OK, I am watching TV adverts again, sorry. I really must learn.
This is not the first time I have seen adverts for something use the phrase "NO CONTRACT". This time was for NOW TV.
I think they mean no minimum term, or no "tie in" or some such. But I am sure they do not mean "No contract". Saying "no contract" has an important legal meaning.
Basically, you can make an agreement with someone. When you do, it can either be a contractual, and hence enforceable, agreement, or it can be a non-contractual agreement bound by honour only.
You may think that a non-contractual agreement is unusual, but it is something we all do every day. Most social agreements made with friends are non-contractual: "you get this round, I'll get the next", etc.
But even things you may think of as commercial that people use every day are non contractual, like using the Royal Mail.
A non contractual agreement is still an agreement. It is still two parties each agreeing to do something for the other. The difference is that is cannot be enforced. You cannot sue someone for failing to do what they agreed when there is no contract. This works well when the agreed upon actions go together, even handing over money for something if done as a single transaction, does not need to be a contract.
How do you know if an agreement is a contract? Well there are defaults - a social agreement is normally non contractual. Betting with a bookie used to be non contractual (not sure if that is the case these days). But most commercial things, buying goods or services, etc, are assumed to have a contract. But this is the default, and can be changed by an explicit statement. So stating "NO CONTRACT" is stating that the agreement is non-contractual.
What does this mean? Well, it means that you pay your money and the service may or may not be provided. Better still, you agree to pay money and then don't and they cannot really do anything about it (apart from stopping providing the service). Now maybe, for a pre-paid TV service it makes sense to have no contract. They know they can stop the service if you don't pay.
Still, a slightly worrying trend for marketing people not to know this.
This is not the first time I have seen adverts for something use the phrase "NO CONTRACT". This time was for NOW TV.
I think they mean no minimum term, or no "tie in" or some such. But I am sure they do not mean "No contract". Saying "no contract" has an important legal meaning.
Basically, you can make an agreement with someone. When you do, it can either be a contractual, and hence enforceable, agreement, or it can be a non-contractual agreement bound by honour only.
You may think that a non-contractual agreement is unusual, but it is something we all do every day. Most social agreements made with friends are non-contractual: "you get this round, I'll get the next", etc.
But even things you may think of as commercial that people use every day are non contractual, like using the Royal Mail.
A non contractual agreement is still an agreement. It is still two parties each agreeing to do something for the other. The difference is that is cannot be enforced. You cannot sue someone for failing to do what they agreed when there is no contract. This works well when the agreed upon actions go together, even handing over money for something if done as a single transaction, does not need to be a contract.
How do you know if an agreement is a contract? Well there are defaults - a social agreement is normally non contractual. Betting with a bookie used to be non contractual (not sure if that is the case these days). But most commercial things, buying goods or services, etc, are assumed to have a contract. But this is the default, and can be changed by an explicit statement. So stating "NO CONTRACT" is stating that the agreement is non-contractual.
What does this mean? Well, it means that you pay your money and the service may or may not be provided. Better still, you agree to pay money and then don't and they cannot really do anything about it (apart from stopping providing the service). Now maybe, for a pre-paid TV service it makes sense to have no contract. They know they can stop the service if you don't pay.
Still, a slightly worrying trend for marketing people not to know this.
Subscribe to:
Posts (Atom)
Fencing
Bit of fun... We usually put up some Christmas lights on the house - some fairy lights on the metal fencing at the front, but a pain as mean...
-
Broadband services are a wonderful innovation of our time, using multiple frequency bands (hence the name) to carry signals over wires (us...
-
For many years I used a small stand-alone air-conditioning unit in my study (the box room in the house) and I even had a hole in the wall fo...
-
It seems there is something of a standard test string for anti virus ( wikipedia has more on this). The idea is that systems that look fo...